Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-39805

Remove unsafe cyphers of SSHD module

    XMLWordPrintable

Details

    • Bug
    • Status: Resolved (View Workflow)
    • Major
    • Resolution: Fixed
    • core
    • Jenkins 2.7.3
      sshd-module: 1.7

    Description

      SSHD is setup with unsecured cyphers like CBC (see https://www.kb.cert.org/vuls/id/958563). These cyphers should be removed.

      There is already a PR filed here: https://github.com/jenkinsci/sshd-module/pull/5. This will also need to be integrated in core hence this ticket.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. JENKINS-33021 trilead ssh MAC and key exchange algorithms severely outdated

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved
          links to

          Web Link sshd-module - PR#5

          Activity

            Ascending order - Click to sort in descending order
            oleg_nenashev Oleg Nenashev added a comment -

            Ideally also makes sense to add new Ciphers, but it is blocked by JENKINS-33021

            oleg_nenashev Oleg Nenashev added a comment - Ideally also makes sense to add new Ciphers, but it is blocked by JENKINS-33021
            oleg_nenashev Oleg Nenashev added a comment -

            The fix has been integrated into 3.34 as an RFE.
            If you consider it as a bug fix, please respond

            oleg_nenashev Oleg Nenashev added a comment - The fix has been integrated into 3.34 as an RFE. If you consider it as a bug fix, please respond
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            war/pom.xml
            http://jenkins-ci.org/commit/jenkins/8a2d2de2a346fa79c16cceadf38e90b1dc06ee36
            Log:
            JENKINS-39805 - Update SSH module to 1.8 (#2641)

            `the fix disables some obsolete protocols as per JENKINS-39805(https://issues.jenkins-ci.org/browse/JENKINS-39805): AES128CBC, TripleDESCBC.Factory(), and BlowfishCBC

            All changes: https://github.com/jenkinsci/sshd-module/compare/sshd-1.7...sshd-1.8

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: war/pom.xml http://jenkins-ci.org/commit/jenkins/8a2d2de2a346fa79c16cceadf38e90b1dc06ee36 Log: JENKINS-39805 - Update SSH module to 1.8 (#2641) `the fix disables some obsolete protocols as per JENKINS-39805 ( https://issues.jenkins-ci.org/browse/JENKINS-39805): AES128CBC, TripleDESCBC.Factory(), and BlowfishCBC All changes: https://github.com/jenkinsci/sshd-module/compare/sshd-1.7...sshd-1.8
            aheritier Arnaud Héritier added a comment -

            oleg_nenashev danielbeckallan_burdajewicz Maybe we should propose to backport it into 2.32.x (as it is a security fix/improvement). WDYT ?

            aheritier Arnaud Héritier added a comment - oleg_nenashev danielbeck allan_burdajewicz Maybe we should propose to backport it into 2.32.x (as it is a security fix/improvement). WDYT ?

            People

              oleg_nenashev Oleg Nenashev
              allan_burdajewicz Allan BURDAJEWICZ
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: